Topic: How does M0n0wall track authenticated users?  (Read 3434 times)
« on: April 13, 2012, 22:58:08 »
Mike.P *
Posts: 4

We are having issues specifically with iOS-based devices: when they go to sleep, the user has to re-enter their credentials for the captive portal.

In order to better understand why this is, I was hoping to find out if M0n0wall uses a cookie, tracks by IP, or some other method.
The documentation says M0n0wall tracks by MAC, but that would not account for remote or routed connections.

So how does M0n0wall track authenticated users?
« Reply #1 on: April 15, 2012, 06:29:07 »
cmb *****
Posts: 851

IP+MAC. Or just IP if you disable the MAC portion. Sleeping devices having to log in again means they're either hitting the idle timeout or hard timeout.
« Reply #2 on: April 16, 2012, 17:21:09 »
Mike.P *
Posts: 4

The idle timeout is set to 480 minutes.
The hard timeout is left blank which should mean no hard timeout.
Users are experiencing this after 10 minutes.


« Reply #3 on: April 23, 2012, 05:49:09 »
cmb *****
Posts: 851

Only way I can think of that would happen is if your DHCP lease time is way too short. It should be equal to or greater than your hard timeout, which should be set in most circumstances. If you only want to set the idle timeout, then make sure it's at least twice as long as your idle timeout. That'll ensure devices keep the same IP as long as their session is active.
« Reply #4 on: April 26, 2012, 19:50:23 »
Mike.P *
Posts: 4

DHCP service is set for a 24 hour lease time.
« Reply #5 on: April 26, 2012, 20:48:18 »
Lennart Grahl ***
Posts: 153

Could it be that this is related to the "WPA group key handshake" problem as it occurs in the same interval (10 minutes)?
« Reply #6 on: April 27, 2012, 20:13:19 »
Mike.P *
Posts: 4

We're doing an open wireless so WPA doesn't factor in. 10 minutes is what most of the iOS devices are set to for their sleep timer. This seems to only occur after an iOS device is "woken up", which could be as little as 10 minutes, or much longer.
« Reply #7 on: April 27, 2012, 20:17:59 »
Lennart Grahl ***
Posts: 153

Quote from: Mike.P
"We're doing an open wireless so WPA doesn't factor in."

That makes sense. Sorry. ;)
« Reply #8 on: November 19, 2012, 20:12:24 »
knightmb ****
Posts: 341

Captive Portal won't let someone with a different MAC + same IP even see the login screen, so the only reason for it to come up is either the device is caching the login screen (some do for some stupid reason) in place of a website (say yahoo or google) or the device is getting a different IP every time. It should be easy to tell by reading the captive portal logs what is going on.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
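
Added example, not part of any post in this thread: a short Python script that reads captive portal auth log lines and labels each repeat login with the causes discussed above (session ended by a timeout, IP changed while the IP+MAC session was still open, or no logged cause, which points at the client). The "STATUS: user, MAC, IP" line layout, the event names and all sample values are assumptions constructed for illustration; adjust the regex to your own log output.

```python
import re

# Constructed sample lines; the layout is an assumed format, not real output.
SAMPLE_LOG = """\
Apr 27 09:00:01 logportalauth[201]: LOGIN: alice, 02:00:00:00:00:01, 10.0.0.21
Apr 27 09:05:00 logportalauth[201]: LOGIN: bob, 02:00:00:00:00:02, 10.0.0.22
Apr 27 09:12:40 logportalauth[201]: LOGIN: alice, 02:00:00:00:00:01, 10.0.0.37
Apr 27 17:05:10 logportalauth[201]: TIMEOUT: bob, 02:00:00:00:00:02, 10.0.0.22
Apr 27 17:20:00 logportalauth[201]: LOGIN: bob, 02:00:00:00:00:02, 10.0.0.22
Apr 27 18:00:00 logportalauth[201]: LOGIN: carol, 02:00:00:00:00:03, 10.0.0.23
Apr 27 18:11:30 logportalauth[201]: LOGIN: carol, 02:00:00:00:00:03, 10.0.0.23
"""

LINE = re.compile(
    r"(?P<event>LOGIN|TIMEOUT|LOGOUT): (?P<user>[^,]*), "
    r"(?P<mac>[0-9a-fA-F:]{17}), (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def classify_relogins(log_text):
    """Return (mac, previous_ip, new_ip, cause) for every repeat LOGIN."""
    last = {}       # mac -> (ip, last event seen for that MAC)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a portal auth line
        event, mac, ip = m["event"], m["mac"].lower(), m["ip"]
        if event == "LOGIN" and mac in last:
            prev_ip, prev_event = last[mac]
            if prev_event in ("TIMEOUT", "LOGOUT"):
                cause = prev_event.lower()   # portal ended the session itself
            elif prev_ip != ip:
                cause = "ip-changed"         # IP+MAC pair no longer matches
            else:
                cause = "unexplained"        # same pair, no end event logged
            findings.append((mac, prev_ip, ip, cause))
        last[mac] = (ip, event)
    return findings

if __name__ == "__main__":
    for mac, old_ip, new_ip, cause in classify_relogins(SAMPLE_LOG):
        print(f"{mac}: {old_ip} -> {new_ip} ({cause})")
```

An "ip-changed" result is a reason to look at DHCP leases; "unexplained" with an unchanged IP+MAC pair fits the cached-login-page case mentioned in the last reply.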
 